From: "Ni, Ray"
To: "Tan, Dun", "devel@edk2.groups.io"
CC: "Dong, Eric", "Kumar, Rahul R"
Subject: Re: [Patch V2 1/2] UefiCpuPkg/PiSmmCpuDxeSmm: Add a new mIsShadowStack flag
Date: Wed, 10 Aug 2022 05:42:16 +0000
References: <20220810053713.378-1-dun.tan@intel.com> <20220810053713.378-2-dun.tan@intel.com>
In-Reply-To: <20220810053713.378-2-dun.tan@intel.com>

Reviewed-by: Ray Ni

> -----Original Message-----
> From: Tan, Dun > Sent: Wednesday, August 10, 2022 1:37 PM > To: devel@edk2.groups.io > Cc: Dong, Eric ; Ni, Ray ; Kumar, > Rahul R > Subject: [Patch V2 1/2] UefiCpuPkg/PiSmmCpuDxeSmm: Add a new > mIsShadowStack flag >=20 > This patch is code refactoring and doesn't change any functionality. > Add a new IsShadowStack flag to identify whether current memory is > shadow stack. Previous smm code logic regards a RO range as shadow > stack and set the dirty bit in corresponding page table entry if > mInternalCr3 is not 0, which may be confusing. >=20 > Signed-off-by: Dun Tan > Cc: Eric Dong > Cc: Ray Ni > Cc: Rahul Kumar > --- > UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c | 8 > +++++--- > 1 file changed, 5 insertions(+), 3 deletions(-) >=20 > diff --git > a/UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c > b/UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c > index 1f7cc15727..237742d7e6 100644 > --- a/UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c > +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c > @@ -33,6 +33,7 @@ PAGE_ATTRIBUTE_TABLE mPageAttributeTable[] =3D { > }; >=20 > UINTN mInternalCr3; > +UINTN mIsShadowStack =3D FALSE; >=20 > /** > Set the internal page table base address. > @@ -249,7 +250,7 @@ ConvertPageEntryAttribute ( > if ((Attributes & EFI_MEMORY_RO) !=3D 0) { > if (IsSet) { > NewPageEntry &=3D ~(UINT64)IA32_PG_RW; > - if (mInternalCr3 !=3D 0) { > + if (mIsShadowStack) { > // Environment setup > // ReadOnly page need set Dirty bit for shadow stack > NewPageEntry |=3D IA32_PG_D; > @@ -734,10 +735,11 @@ SetShadowStack ( > EFI_STATUS Status; >=20 > SetPageTableBase (Cr3); > - > - Status =3D SmmSetMemoryAttributes (BaseAddress, Length, > EFI_MEMORY_RO); > + mIsShadowStack =3D TRUE; > + Status =3D SmmSetMemoryAttributes (BaseAddress, Length, > EFI_MEMORY_RO); >=20 > SetPageTableBase (0); > + mIsShadowStack =3D FALSE; >=20 > return Status; > } > -- > 2.31.1.windows.1
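
Review bot: mIsShadowStack is declared UINTN in the first hunk (next to mInternalCr3) but is only ever assigned TRUE or FALSE and tested as a truth value in the later hunks. Declaring it BOOLEAN would match how it is used, and a one-line comment saying it is TRUE only for the duration of SetShadowStack() would document the new global.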
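
Review bot: in the ConvertPageEntryAttribute hunk, the claim that this "doesn't change any functionality" holds only if SetShadowStack() is the sole caller that passes a non-zero value to SetPageTableBase(), because IA32_PG_D is now gated on mIsShadowStack instead of mInternalCr3 != 0. Please state that in the commit message, or name any other caller whose read-only entries will no longer get the Dirty bit. The "Environment setup" comment under the new condition described the old mInternalCr3 check and could be reworded to say the Dirty bit is set only when the range is being mapped as shadow stack.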
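
Review bot: in the SetShadowStack hunk, the shadow-stack intent reaches ConvertPageEntryAttribute as an implicit argument in a module global, and nothing visible here says the window between mIsShadowStack = TRUE and mIsShadowStack = FALSE cannot overlap another SmmSetMemoryAttributes (..., EFI_MEMORY_RO) call. Any such call made while the flag is TRUE would also get IA32_PG_D on its read-only entries. Either add a comment on SetShadowStack() stating the execution context that rules this out, or pass the flag down as a parameter instead of a global.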